CVE-2020-11558

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-11558
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-11558.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2020-11558
Downstream
Published
2020-04-05T20:15:12Z
Modified
2025-10-15T11:29:21.671558Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box. audio_sample_entry_Read in isomedia/box_code_base.c does not properly decide when to make gf_isom_box_del calls. This leads to various use-after-free outcomes involving mdia_Read, gf_isom_delete_movie, and gf_isom_parse_movie_boxes.

References

Affected packages

Git / github.com/gpac/gpac

Affected ranges

Type
GIT
Repo
https://github.com/gpac/gpac
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.5.2
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.8.0

Database specific

vanir_signatures

[
    {
        "signature_type": "Line",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c",
        "signature_version": "v1",
        "target": {
            "file": "src/isomedia/box_code_base.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "209419338807595549989425777928616231565",
                "134613384087633747991818009045271792603",
                "270422956785987196441140460082296232631",
                "32331963034934812695965767984493227917",
                "102905533540432451858855387126122159953",
                "18872638200036743128143019695906511749",
                "110109268998264501258140192252233115066"
            ]
        },
        "id": "CVE-2020-11558-3c058c9f"
    },
    {
        "signature_type": "Function",
        "deprecated": false,
        "source": "https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c",
        "signature_version": "v1",
        "target": {
            "function": "audio_sample_entry_Read",
            "file": "src/isomedia/box_code_base.c"
        },
        "digest": {
            "function_hash": "67754386134682874808586504669882613302",
            "length": 1758.0
        },
        "id": "CVE-2020-11558-e5169e3f"
    }
]